NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
@NTXISSA #NTXISSACSC4
Hacking Performance Management, the Blue Green Game
Dr. Branden R. Williams, Director
Union Bank, 8 October 2016
• 1. Performance measures:
  • a. Have little or no impact on behavior
  • b. Have a moderate impact on behavior, but are not a major factor
  • c. Determine how individuals behave
• 2. It is most important that performance measures should:
  • a. Accurately reflect past performance
  • b. Correctly influence future behaviors
• 3. Performance measurement should focus on the department level and encourage optimal departmental performance.
  • a. True
  • b. False
Prisoner Alice (rows) vs. Prisoner Bob (columns)
                          Stay Silent (Cooperate)   Confess (Defect)
Stay Silent (Cooperate)   (-1,-1)                   (-3,0)
Confess (Defect)          (0,-3)                    (-2,-2)
• Kerr (1975) argues that formal reward systems should positively reinforce desired behavior, and not constitute an obstacle for the organization and its employees to overcome.
• Johnson and Kaplan (1987) expose the inherent flaws of traditional management accounting systems and describe dysfunctional behaviors from traditional performance measures. (Management Accounting)
• Kaplan and Norton (1992, 1996) further highlight the weaknesses of traditional measurement systems that lead to inappropriate behaviors such as short-term thinking, lack of strategic focus, failure to reinforce continuous improvement, and the resulting suboptimal system performance. (Balanced Scorecard)
Copied and formatted from Umble & Umble (2012).
• Goldratt (1990) wrote “Tell me how you measure me, and I will tell you how I will behave.” AND “If you measure me in an illogical manner, do not complain about illogical behavior.” (The Goal)
• Chenhall and Langfield-Smith (2007) argue that the effectiveness of performance measurement systems depends on how they impact individuals’ behavior.
• Radnor and Barnes (2007) suggest that performance measurement systems should promote appropriate behaviors.
Copied and formatted from Umble & Umble (2012).
RULES
Let’s play the Blue Green game (Umble & Umble) and win some coffee!
Split into FOUR TEAMS.
Elect a manager!
If a department cannot reach a consensus on the color of chip to submit, the manager is authorized to make the final decision.
Team with the best score wins!
Every member of the winning team wins a $5 STARBUCKS GIFT CARD!
Yes, they actually work, and I’m not messing with you.
THE BLUE-GREEN GAME
Five rounds of play.
Notes:
• Points DOUBLE in Round 3
• Points TRIPLE in Round 5
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 1 point
3 Blue, 1 Green         Blue departments lose 1 point; Green departments win 3 points
2 Blue, 2 Green         Blue departments lose 2 points; Green departments win 2 points
1 Blue, 3 Green         Blue departments lose 3 points; Green departments win 1 point
0 Blue, 4 Green         Each department loses 1 point
SCORING
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 1 point
3 Blue, 1 Green         Blue departments lose 1 point; Green departments win 3 points
2 Blue, 2 Green         Blue departments lose 2 points; Green departments win 2 points
1 Blue, 3 Green         Blue departments lose 3 points; Green departments win 1 point
0 Blue, 4 Green         Each department loses 1 point
SCORING
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 1 point
3 Blue, 1 Green         Blue departments lose 1 point; Green departments win 3 points
2 Blue, 2 Green         Blue departments lose 2 points; Green departments win 2 points
1 Blue, 3 Green         Blue departments lose 3 points; Green departments win 1 point
0 Blue, 4 Green         Each department loses 1 point
SCORING
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 2 points
3 Blue, 1 Green         Blue departments lose 2 points; Green departments win 6 points
2 Blue, 2 Green         Blue departments lose 4 points; Green departments win 4 points
1 Blue, 3 Green         Blue departments lose 6 points; Green departments win 2 points
0 Blue, 4 Green         Each department loses 2 points
SCORING
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 2 points
3 Blue, 1 Green         Blue departments lose 2 points; Green departments win 6 points
2 Blue, 2 Green         Blue departments lose 4 points; Green departments win 4 points
1 Blue, 3 Green         Blue departments lose 6 points; Green departments win 2 points
0 Blue, 4 Green         Each department loses 2 points
SCORING
Distribution of Chips   Number of Points Won/Lost
4 Blue, 0 Green         Each department wins 3 points
3 Blue, 1 Green         Blue departments lose 3 points; Green departments win 9 points
2 Blue, 2 Green         Blue departments lose 6 points; Green departments win 6 points
1 Blue, 3 Green         Blue departments lose 9 points; Green departments win 3 points
0 Blue, 4 Green         Each department loses 3 points
• 1. Performance measures:
  • a. Have little or no impact on behavior
  • b. Have a moderate impact on behavior, but are not a major factor
  • c. Determine how individuals behave
• 2. It is most important that performance measures should:
  • a. Accurately reflect past performance
  • b. Correctly influence future behaviors
• 3. Performance measurement should focus on the department level and encourage optimal departmental performance.
  • a. True
  • b. False
RESULTS
• Silos promote bad behavior, allowing each organization to attempt to maximize their payoffs.
• Rational players act to maximize their payoffs, even at the expense of others.
• Poor transparency of goals and performance promotes bad behavior.
• Given the opportunity, individuals will take advantage of poorly constructed plans.
• Protip: TEST performance management systems after you construct them. See what would happen if you aim to maximize a particular payoff. Reward systems are effective, at times to a detriment!
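
The test the protip describes, run against the Blue-Green payoff table from the SCORING slides, as an added example that is not part of the original slides. The function names are illustrative, and the multipliers assume rounds 1, 2 and 4 score at face value, per the Notes on the game slide.

```python
from itertools import product

# Per-round payoffs from the SCORING slides, keyed by the number of Green chips:
# (points for each Blue department, points for each Green department).
PAYOFF = {0: (1, None), 1: (-1, 3), 2: (-2, 2), 3: (-3, 1), 4: (None, -1)}
# Assumption from the Notes slide: round 3 doubles, round 5 triples, others x1.
MULTIPLIERS = (1, 1, 2, 1, 3)
TEAMS = 4


def score(chips):
    """Points for each department given a sequence of 'B'/'G' choices."""
    blue, green = PAYOFF[chips.count("G")]
    return tuple(green if c == "G" else blue for c in chips)


def green_dominates():
    """True if Green beats Blue for one department whatever the other three do."""
    for others in product("BG", repeat=TEAMS - 1):
        as_blue = score(("B",) + others)[0]
        as_green = score(("G",) + others)[0]
        if as_green <= as_blue:
            return False
    return True


def nash_equilibria():
    """Chip profiles where no single department gains by switching colour."""
    stable = []
    for chips in product("BG", repeat=TEAMS):
        def gains(i):
            flipped = list(chips)
            flipped[i] = "G" if chips[i] == "B" else "B"
            return score(tuple(flipped))[i] > score(chips)[i]
        if not any(gains(i) for i in range(TEAMS)):
            stable.append("".join(chips))
    return stable


def game_total(chips):
    """Organization-wide points if every round is played with the same chips."""
    return sum(m * sum(score(chips)) for m in MULTIPLIERS)


if __name__ == "__main__":
    print("Green dominates Blue:", green_dominates())
    print("Nash equilibria:", nash_equilibria())
    print("All Blue total:", game_total(tuple("BBBB")))
    print("All Green total:", game_total(tuple("GGGG")))
```

Green is the better choice for every department whatever the others submit, so the only stable outcome is four Green chips, which is the worst result for the organization as a whole.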
TYING TO SECURITY
Organizational metrics are often not optimized to allow employees to contribute to global optimum.
• Security metric of most closed vulnerabilities
• Security metric of most blocked attacks (which is sketch to begin with)
• Number of systems moved into compliance with X standard
• Better Options:
  • % of systems that meet X
  • Length of security patch deployment, by severity
GAME THEORY FUN
• People often take aggressive postures that lead to mutually bad outcomes even though mutual cooperation is mutually preferable.
• Even if everyone agrees that an outcome is everyone’s favorite, they might not get that outcome.
• Closing roads can improve everyone’s commute time.
• Everyone might mimic everyone else just because two people chose to do the same thing.
• You shouldn’t try to maximize your score in Words with Friends/Scrabble.
• As drug tests become more accurate, they should be implemented less often.
Source: https://williamspaniel.com/2014/05/25/game-theory-is-really-counterintuitive/
References
• Chenhall, R. H., & Langfield-Smith, K. (2007). Multiple perspectives of performance measures. European Management Journal, 25(4), 266–282.
• Goldratt, E. M. (1990). The haystack syndrome: Sifting information out of the data ocean. Croton-on-Hudson, NY: North River Press.
• Johnson, H. T., & Kaplan, R. S. (1987). Relevance lost: The rise and fall of management accounting. Boston, MA: Harvard Business School Press.
• Kaplan, R. S., & Norton, D. P. (1992). The balanced scorecard—measures that drive performance. Harvard Business Review, 70(1), 71–79.
• Kaplan, R. S., & Norton, D. P. (1996). Using the balanced scorecard as a strategic management system. Harvard Business Review, 74(1), 75–87.
• Kerr, S. (1975). On the folly of rewarding A, while hoping for B. Academy of Management Journal, 18(4), 769–783.
• Poundstone, W. (1992). Prisoner’s dilemma. New York, NY: Doubleday.
• Radnor, Z. J., & Barnes, D. (2007). Historical analysis of performance measurement and management in operations management. International Journal of Productivity and Performance Management, 56(5/6), 384–396.
• Umble, E., & Umble, M. (2012). Illustrating the Impact of Performance Measurement Systems on Organizational Performance: The Blue-Green Game. Decision Sciences Journal of Innovative Education, 10(3), 461–467.